U.S. Officials Leak Military Plans via Signal in Unprecedented OPSEC Blunder

On March 24, The Atlantic's Jeffrey Goldberg revealed that U.S. Secretary of Defense Pete Hegseth had sent him detailed military plans for strikes against Houthi targets in Yemen through Signal, an encrypted messaging app. According to Goldberg, the plans arrived at 11:44 a.m. ET on March 15, and the airstrikes took place roughly two hours later.

High-Profile Security Breach

The conversation reportedly included classified military strategies and the name of an active U.S. intelligence officer. Goldberg, realizing the sensitivity of the discussion, eventually removed himself from the chat.

Multiple U.S. officials have verified the authenticity of the Signal text chain. However, during a Senate Intelligence Committee hearing, Director of National Intelligence Tulsi Gabbard and CIA Director John Ratcliffe downplayed the severity of the incident, insisting that no classified information was disclosed. Surprisingly, the chat also included Vice President JD Vance, Secretary of State Marco Rubio, and other top officials.

If the details reported by The Atlantic are accurate, this would mark one of the most significant operational security (OPSEC) failures in modern history.

Why Signal Was the Wrong Choice

Signal, an end-to-end encrypted messaging app, is widely used by journalists, activists, and dissidents for secure communication. However, experts emphasize that it is not approved for government use—especially for discussing sensitive national security matters.

Calli Schroeder, senior counsel at the Electronic Privacy Information Center (EPIC), told Dark Reading:

"Signal is not secure enough for communicating war plans. Either these officials discussed classified information on personal devices—potentially over public networks—or they installed unauthorized apps on government devices. Both scenarios represent severe security breaches."

Additionally, using disappearing messages—as reported in The Atlantic—violates federal record-keeping laws, raising further concerns about accountability and transparency.

A Stunning Lack of Awareness

The breach reportedly originated from a March 11 mistake by Michael Waltz, President Donald Trump’s national security advisor, who inadvertently added Goldberg to the chat.

Schroeder criticized the situation:

"How do you accidentally add a journalist to a war strategy chat? This suggests Waltz either mistook Goldberg for someone else or simply tapped the wrong name. But military security cannot hinge on a 'finger slip.'"

Even more troubling, none of the high-ranking officials in the chat noticed the presence of an unfamiliar number or questioned whether Signal was an appropriate platform for such discussions.

"This reveals either a shocking lack of security awareness or a level of negligence that makes them unfit for these conversations," Schroeder warned.

Impact on Signal and Broader Cybersecurity Concerns

The incident also raises concerns for Signal's future. Matthew Green, a cryptographer at Johns Hopkins Information Security Institute, noted that while Signal is excellent for consumer-grade encryption, it is not designed for military use.

"Signal is being asked to do too much," Green said on Mastodon. "As the only encrypted messenger people really trust, it’s becoming a target for too many groups."

Ultimately, the leak exposes critical weaknesses in U.S. government cybersecurity practices, potentially giving foreign adversaries insight into deep-seated vulnerabilities in American OPSEC.